Username and Password to OAuth
A couple of days ago I wrote about how many mobile and desktop applications could fail in June. Well, Twitter have offered a helping hand to many developers: OAuth from a username/password combination.
So how does it work? [The technical bit]
Normally with OAuth the application generates a unique URL from its security tokens, opens a new browser window and asks the user to log in. When the user does, Twitter redirects back to the site that made the request and posts a secure token set that, together with the application's tokens, authenticates both the user and the application.
With mobile and desktop applications the process is a little different: the application doesn’t have a website to authenticate back to, so it supplies the user with a PIN code, which is then used to generate the secure codes within the application.
This doesn’t provide the best in the way of user experience and has been a thorn in the side of many application developers for a long time. Thankfully you no longer need the PIN step: you can just supply the username and password with the OAuth request.
When this request is sent, some additional headers are sent with it.
The x_auth_mode, x_auth_username and x_auth_password are new, and if the whole thing is sent via SSL, the PIN code is returned to the application directly. No browser input.
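An added example, not code from the original post: how a client could build the OAuth 1.0a signed request that carries the three x_auth parameters, refusing any endpoint that is not HTTPS. The `client_auth` mode value, the placement of the x_auth parameters in the POST body, and the endpoint and credentials used to call it are assumptions or constructed values that do not appear on this page.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import quote, urlsplit


def pct(value):
    """Percent-encode as OAuth 1.0a requires (only unreserved chars stay)."""
    return quote(str(value), safe="-._~")


def signature_base_string(method, url, params):
    """METHOD & encoded URL & encoded, sorted parameter string."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])


def build_xauth_request(url, consumer_key, consumer_secret, username,
                        password, nonce=None, timestamp=None):
    """Return (Authorization header, POST body, base string); sends nothing."""
    # The request carries the user's password, so refuse anything but TLS.
    if urlsplit(url).scheme != "https":
        raise ValueError("xAuth request must go over https")
    oauth = {
        "oauth_consumer_key": consumer_key,
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_version": "1.0",
    }
    # Assumption: mode value and body placement are not given on this page.
    xauth = {
        "x_auth_mode": "client_auth",
        "x_auth_username": username,
        "x_auth_password": password,
    }
    base = signature_base_string("POST", url, {**oauth, **xauth})
    # No token secret exists yet, so the signing key ends with a bare "&".
    key = pct(consumer_secret) + "&"
    digest = hmac.new(key.encode(), base.encode(), hashlib.sha1).digest()
    oauth["oauth_signature"] = base64.b64encode(digest).decode()
    header = "OAuth " + ", ".join(
        f'{pct(k)}="{pct(v)}"' for k, v in sorted(oauth.items()))
    body = "&".join(f"{pct(k)}={pct(v)}" for k, v in xauth.items())
    return header, body, base
```

The password travels only in the TLS-protected body, never in the Authorization header; the application keeps the credentials the server returns and discards the password once the exchange completes.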






March 3rd, 2010 at 9:35 am
[...] like Hootsuite, doesn’t use oAuth, at least it doesn’t when I last tried [...]